﻿using IdentityModel;
using IdentityServer4;
using IdentityServer4.Models;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace Identity.API.Configuration
{
    public class Config
    {
        // ApiResources define the apis in your system
        public static IEnumerable<ApiResource> GetApis()
        {
            return new List<ApiResource>
            {
                new ApiResource("orderingapi","Order Service",new List<string>{ JwtClaimTypes.Role}),
                new ApiResource("paymentapi","Payment Service",new List<string>{ JwtClaimTypes.Role})
            };
        }
        public static IEnumerable<IdentityResource> GetResources()
        {
            return new List<IdentityResource>
            {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile()
            };
        }

        // client want to access resources (aka scopes)
        public static IEnumerable<Client> GetClients(Dictionary<string, string> clientsUrl)
        {
            return new List<Client>
            {
                new Client
                {
                    ClientId = "wechat",
                    ClientName = "WeChat Client",
                    ClientSecrets = new List<Secret>
                    {
                        new Secret("hus78327h9ju@s367js+980".Sha256())
                    },
                    ClientUri = $"{clientsUrl["WeChat"]}",
                    AllowedGrantTypes = GrantTypes.ClientCredentials,//GrantTypes.ResourceOwnerPassword
                    AllowAccessTokensViaBrowser = false,
                    RequireConsent = false,
                    AllowOfflineAccess = true,//如果要获取refresh_tokens ,必须把AllowOfflineAccess设置为true
                    AlwaysIncludeUserClaimsInIdToken = true,
                    //AccessTokenType = AccessTokenType.Reference,
                    RedirectUris = new List<string>
                    {
                        $"{clientsUrl["WeChat"]}/signin-oidc"
                    },
                    PostLogoutRedirectUris = new List<string>
                    {
                        $"{clientsUrl["WeChat"]}/signout-callback-oidc"
                    },
                    AllowedScopes = new List<string>
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        IdentityServerConstants.StandardScopes.OfflineAccess,
                        IdentityServerConstants.StandardScopes.Email,
                        IdentityServerConstants.StandardScopes.Address,
                        IdentityServerConstants.StandardScopes.Phone,
                        "orderingapi",
                        "paymentapi",
                    },
                    AccessTokenLifetime = 60*60*24*1, // 1天
                    IdentityTokenLifetime= 60*60*24*1 // 1天
                },
                //前端Vue
                new Client
                {
                    ClientId = "wechatweb",
                    ClientName = "Wechat Web Client",
                    ClientUri = "http://localhost:4200",
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessTokensViaBrowser = true,
                    RequireConsent = true,
                    AccessTokenLifetime = 60 * 5,
                    RedirectUris =
                    {
                        "http://localhost:4200/signin-oidc", //登录成功
                        "http://localhost:4200/redirect-silentrenew"//定时刷新token（看不见）
                    },
                    PostLogoutRedirectUris =   //登出跳转
                    {
                        ""
                    },
                    AllowedCorsOrigins =
                    {
                        "http://localhost:4200" //跨域
                    },
                    AllowedScopes =
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        IdentityServerConstants.StandardScopes.OfflineAccess,
                        "orderingapi",
                        "paymentapi",
                    }
                }
            };
        }
    }
}
